Exchange 连接器 – 运维日常

Table of Contents

Exchange 连接器分为发送、接收、传递代理、域外连接器4种

传递代理和传递代理连接器控制到非 SMTP 系统的传出邮件流。传出邮件置于邮件队列中，用于传递到非 SMTP 系统。传递代理和传递代理连接器因其改进的性能和管理而优于外部连接器

外部连接器控制到非 SMTP 系统的传出邮件流。传出邮件将写入名为“放置目录”位置中的文件，由非 SMTP 系统进行选择。

接收连接器创建分为：在前端传输服务和传输服务中创建的连接器。

前端传输服务中连接的TransportRole 属性值为FrontendTransport,传输服务中连接器的TransportRole属性值为HubTransPort;

前端传输服务将这些连接中继或代理到传输服务，以便进行分类和路由到最终目标。

使用类型决定接收连接器的默认安全设置。使用类型指定谁有权使用连接器、他们所获取的权限以及受支持的身份验证方法。

禁用连接器匿名发送邮件

Get-ReceiveConnector “My Internet ReceiveConnector” | Get-ADPermission -user “NT AUTHORITY\Anonymous Logon” | where {$_.ExtendedRights -like “ms-exch-smtp-accept-authoritative-domain-sender”} | Remove-ADPermission

创建匿名中继

参考：www.alitajran.com/configure-anonymous-smtp-relay-in-exchange-server/

Create receive connector with PowerShell

New-ReceiveConnector -Server “EX01-2016” -Name “SMTP relay” -TransportRole FrontendTransport -Custom -Bindings 0.0.0.0:25 -RemoteIpRanges 192.168.1.60

Configure anonymous permissions

Run both the commands to grant the minimum required permissions to allow anonymous relay.

Set-ReceiveConnector "EX01-2016\SMTP relay" -PermissionGroups AnonymousUsers

Copy

Get-ReceiveConnector "EX01-2016\SMTP relay" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"

Configure externally secured permissions

Run the below command to configure connections as externally secured to allow anonymous relay.

Set-ReceiveConnector “EX01-2016\SMTP Relay” -AuthMechanism ExternalAuthoritative -PermissionGroups ExchangeServers

测试匿名中继

$EmailMessage = @{
To = “info@alitajran.com”
From = “application@exoip.com”
Subject = “Test email”
Body = “Test email sent using Exchange SMTP relay”
SmtpServer = “relay.exoip.com”
Port = “25”
}

Send-MailMessage @EmailMessage

错误提示

Send-MailMessage : Mailbox unavailable. The server response was: 5.7.54 SMTP; Unable to relay recipient in non-accepted domain
At line:10 char:1
+ Send-MailMessage @EmailMessage
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.Mail.SmtpClient:SmtpClient) [Send-MailMessage], SmtpFailedRecipientException
    + FullyQualifiedErrorId : SmtpException,Microsoft.PowerShell.Commands.SendMailMessage

Find IP addresses using Exchange SMTP relay

www.alitajran.com/find-ip-addresses-using-exchange-smtp-relay